Community Threat Alerts against public IPs

Hello,

we’re getting a lot of alerts based on a community threat which tracks malicious IPs. The alerts are inbound traffic against our systems which have a public IP address and are therefor exposed to the outside. From my point of view, connections against exposed assets from malicious IPs are nothing special, in the sense that these IPs are constantly scanning publicly available systems for vulnerabilities or weak passwords.

Is there a way to disable these alerts for systems with a public IP?

Hey @Ge72w108,

For any of your community threats that are causing noise, it depends on whether they are your custom built community threat or you subscribed to a pre-built community threat.

If you built them, just go into the community threat and edit as needed.
If you subscribed to someone else’s, then you can’t do any edits as it’s not your threat, you will have to unsubscribe completely, or make a copy of it so it’s yours and then adjust the IOCs, but you will still need to unsubscribe from the original threat regardless.